Third-party code, Cloud Security

Exposed Kubernetes secrets pose significant supply chain threat

Numerous organizations and open-source projects could be impacted by a supply chain attack stemming from publicly exposed Kubernetes secrets that enable access to sensitive Software Development Life Cycle environments, according to SecurityWeek. Nearly 46% of all Kubernetes .dockerconfigjson and .dockercfg secrets with base64-encoded user and password values had credentials to registries, most of which had pushing and pulling privileges and contained private container images, a report from Aqua Security revealed. Researchers were also able to discover credentials for SAP's Artifacts repository, which contained over 95 million artifacts, including those from various Fortune 500 firms and two leading blockchain companies. "The exposure of this Artifacts repository key represented a considerable security risk. The potential threats stemming from such access included the leakage of proprietary code, data breaches, and the risk of supply chain attacks, all of which could compromise the integrity of the organization and the security of its customers," said Aqua Security.
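A check for the two secret formats named above, as an added example that is not from SC Media, SecurityWeek or Aqua Security: it scans manifest text from your own repository for `.dockerconfigjson` and `.dockercfg` data and reports which registries carry embedded credentials, without returning the values. The function names, the sample manifest and `registry.example.com` are constructed for illustration.

```python
import base64
import json
import re

# Data keys of kubernetes.io/dockerconfigjson and kubernetes.io/dockercfg Secrets.
KEY_RE = re.compile(
    r'^[ \t]*"?(\.dockerconfigjson|\.dockercfg)"?[ \t]*:[ \t]*"?([A-Za-z0-9+/=]+)"?[ \t]*$',
    re.M,
)

def _auth_has_password(auth):
    """True if the base64 "user:password" auth field carries a non-empty password."""
    try:
        decoded = base64.b64decode(auth or "", validate=True).decode()
    except (ValueError, TypeError):
        return False
    return bool(decoded.partition(":")[2])

def find_registry_credentials(manifest_text):
    """Return (data_key, registry, has_credentials) per registry entry.

    Secret values are never returned, so the report is safe to log.
    """
    findings = []
    for key, blob in KEY_RE.findall(manifest_text):
        try:
            cfg = json.loads(base64.b64decode(blob, validate=True))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            continue
        # .dockerconfigjson nests registries under "auths"; legacy .dockercfg does not.
        entries = cfg.get("auths") if key == ".dockerconfigjson" and isinstance(cfg, dict) else cfg
        if not isinstance(entries, dict):
            continue
        for registry, entry in entries.items():
            if isinstance(entry, dict):
                found = bool(entry.get("password")) or _auth_has_password(entry.get("auth"))
                findings.append((key, registry, found))
    return findings

def build_sample_manifest(data_key, config):
    """Constructed sample: wrap a docker config dict in a minimal Secret manifest."""
    blob = base64.b64encode(json.dumps(config).encode()).decode()
    return f"apiVersion: v1\nkind: Secret\nmetadata:\n  name: regcred\ndata:\n  {data_key}: {blob}\n"

if __name__ == "__main__":
    # Constructed, non-functional credential for a placeholder registry.
    sample = {"auths": {"registry.example.com": {"username": "ci-bot", "password": "not-a-real-secret"}}}
    for finding in find_registry_credentials(build_sample_manifest(".dockerconfigjson", sample)):
        print(finding)
```

Run as a pre-commit or CI step over tracked manifest files, any finding with `True` in the last field means a registry credential is about to be published and should be rotated and moved out of the repository.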
